Be cloudy and secure...

Security


Cloud Security Authors: Elizabeth White, Yeshim Deniz, Shelly Palmer, Rick Popko, Jackie Kahle

Related Topics: Online Shopping, Security

Article

Security and Convenience - Like Oil and Water?

The memorable password

As the pace of life appears to quicken, customers are demanding services that are faster, more mobile and more convenient. Microwave meals are ready in two ticks, a trip to an exotic island is only a couple of mouse clicks away and when travelling to a new destination, we trust GPS devices blindly without once consulting a road map. We continually expect speed, ease and convenience.

In our virtual lives, it is the same story. We want access to all our applications in a split second, with minimal effort. In fact, in this world of high technology and instant communications, we have come to expect each new innovation to make our lives more convenient than ever before.

However, one of the most often discussed conundrums in IT is the constant trade off between security and usability or convenience. The sad truth is that often the more convenient we tend to make things, the less secure they are; conversely, the more secure we make things, the more inconvenient it becomes. For years, consumers have battled between security and convenience. But is there a better way to secure our online presence, and what role can brands play to protect their customers online?

The memorable password
Of course every consumer wants to feel that their online identity and assets are secure. But in an effort to keep things simple, it is little wonder that customers tend to limit the numbers of passwords they use.

Research has revealed that the average internet user administers 25 online accounts, logging on to the various applications 8 times a day, using 4 different devices. These 25 accounts are protected, on average, by 6 different passwords and unfortunately the same passwords crop up time and time again. The research showed that:

  • 23% refer to the user's nickname
  • 18% choose their date of birth
  • 15% log on with the name of their child
  • 16% use the name of a pet
  • 2% still use the word "password"

Only 26% choose an arbitrary password, however, these arbitrary passwords are often written down on post-it notes and kept close to the computer, which nullifies the point of having a secret password. It may well be convenient to limit the number of passwords in use and to ensure they are easy to remember, but it is clear that this is by no means a secure strategy. It seems slightly absurd that almost fifteen years after the internet secured its role as a publically accessible channel for shopping, entertainment and working, that many brands still rely on very rudimentary security measures to keep their customers safe when they are visiting their sites. Surely, the upping the security onus should fall on brands, if they value their customers?

A happy and secure customer
Sadly, passwords often remain the first, last and only tool used to safeguard an account against intrusion attempts. It is second nature to close and lock the front door and possibly set the alarm every time you leave the house, so why then are we so negligent in protecting our precious information online?

Numerous long lists of tips and tricks for good password management can be found online. To pick only a few highlights, these would include: do not use real words, mix different character types, use different passwords for different accounts and change your passwords regularly. But let's face it: passwords are bothersome and the requirement to create and regularly amend them, is not convenient.

In a time of increased competition and as organisations strive to maintain customer loyalty, they must provide their customers with not only safe access to information, but in a manner convenient to the user.

Bridging the gap between security and convenience

Not for the first time and certainly not for the last, technology has arrived to fix a problem that technology created. Strong authentication - also called two-factor authentication - is borne out of the idea that safe access can only be assured when at least two elements are involved: something you know - for example a username or e-mail address and something you have - for example an authentication application.

Extending this concept further is MYDIGIPASS.COM, which allows the user to explore all sorts of websites and applications in a secure way. VASCO's hosted authentication platform provides an added level of security. It solves the issue between security and convenience, as the second element is dealt with. First, the platform provides a single sign-on (SSO) environment. Users only have to log in once with their strong password, and access will be granted to all their applications available on the platform. Second, MYDIGIPASS.COM allows the user to manage his user attributes. Imagine how often one has to fill in his name, date of birth or address when he wants to register for an account. That's all in the past now. The user himself is in control of the user attributes he wishes to share.

Although we should think that security and convenience cannot be reconciled, MYDIGIPASS.COM provides the evidence to the contrary. Thanks to this service, the user can feel at ease again when he logs on to his favorite applications.

This service simplifies the end-user's password usage, as it is no longer necessary to memorise a long list of passwords for various online accounts. Not only improving both safety and convenience, there is an additional benefit in that once a user has logged on to the service, they have secure access to every application that is registered on the platform and a central place for the consumer to store, update and share their credentials.

Creating a perfect blend
As consumers demand immediate gratification in just about every aspect of their lives, the thorny issue of security or convenience will rumble on. Most experts will tell you that convenience and security are usually at odds, but to deliver the service that customers deserve and demand, the key is to understand that the two are not like oil and water. They can mix, and brands should be encouraged to adopt the next generation of security that - finally! - marries robust secuirty with user convenience.

More Stories By Jan Valcke

Jan Valcke is President and Chief Operating Officer, VASCO Data Security International.